Commit c6e3b421 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Saeed Mahameed

net/mlx5: Merge various control path IPsec headers into one file

The mlx5 IPsec code has logical separation between code that operates
with XFRM objects (ipsec.c), HW objects (ipsec_offload.c), flow steering
logic (ipsec_fs.c) and data path (ipsec_rxtx.c).

Such separation makes sense for C-files, but isn't needed at all for
H-files as they are included in batch anyway.
Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
parent 2ea36e2e
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
#include "en/txrx.h" #include "en/txrx.h"
#include "en/port.h" #include "en/port.h"
#include "en_accel/en_accel.h" #include "en_accel/en_accel.h"
#include "en_accel/ipsec_offload.h" #include "en_accel/ipsec.h"
static bool mlx5e_rx_is_xdp(struct mlx5e_params *params, static bool mlx5e_rx_is_xdp(struct mlx5e_params *params,
struct mlx5e_xsk_param *xsk) struct mlx5e_xsk_param *xsk)
......
...@@ -37,9 +37,8 @@ ...@@ -37,9 +37,8 @@
#include <linux/netdevice.h> #include <linux/netdevice.h>
#include "en.h" #include "en.h"
#include "en_accel/ipsec.h" #include "ipsec.h"
#include "en_accel/ipsec_rxtx.h" #include "ipsec_rxtx.h"
#include "en_accel/ipsec_fs.h"
static struct mlx5e_ipsec_sa_entry *to_ipsec_sa_entry(struct xfrm_state *x) static struct mlx5e_ipsec_sa_entry *to_ipsec_sa_entry(struct xfrm_state *x)
{ {
......
...@@ -40,11 +40,81 @@ ...@@ -40,11 +40,81 @@
#include <net/xfrm.h> #include <net/xfrm.h>
#include <linux/idr.h> #include <linux/idr.h>
#include "ipsec_offload.h"
#define MLX5E_IPSEC_SADB_RX_BITS 10 #define MLX5E_IPSEC_SADB_RX_BITS 10
#define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L #define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L
enum mlx5_accel_esp_flags {
MLX5_ACCEL_ESP_FLAGS_TUNNEL = 0, /* Default */
MLX5_ACCEL_ESP_FLAGS_TRANSPORT = 1UL << 0,
MLX5_ACCEL_ESP_FLAGS_ESN_TRIGGERED = 1UL << 1,
MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP = 1UL << 2,
};
enum mlx5_accel_esp_action {
MLX5_ACCEL_ESP_ACTION_DECRYPT,
MLX5_ACCEL_ESP_ACTION_ENCRYPT,
};
enum mlx5_accel_esp_keymats {
MLX5_ACCEL_ESP_KEYMAT_AES_NONE,
MLX5_ACCEL_ESP_KEYMAT_AES_GCM,
};
struct aes_gcm_keymat {
u64 seq_iv;
u32 salt;
u32 icv_len;
u32 key_len;
u32 aes_key[256 / 32];
};
struct mlx5_accel_esp_xfrm_attrs {
enum mlx5_accel_esp_action action;
u32 esn;
__be32 spi;
u32 seq;
u32 tfc_pad;
u32 flags;
u32 sa_handle;
union {
struct {
u32 size;
} bmp;
} replay;
enum mlx5_accel_esp_keymats keymat_type;
union {
struct aes_gcm_keymat aes_gcm;
} keymat;
union {
__be32 a4;
__be32 a6[4];
} saddr;
union {
__be32 a4;
__be32 a6[4];
} daddr;
u8 is_ipv6;
};
struct mlx5_accel_esp_xfrm {
struct mlx5_core_dev *mdev;
struct mlx5_accel_esp_xfrm_attrs attrs;
};
enum mlx5_accel_ipsec_cap {
MLX5_ACCEL_IPSEC_CAP_DEVICE = 1 << 0,
MLX5_ACCEL_IPSEC_CAP_ESP = 1 << 1,
MLX5_ACCEL_IPSEC_CAP_IPV6 = 1 << 2,
MLX5_ACCEL_IPSEC_CAP_LSO = 1 << 3,
MLX5_ACCEL_IPSEC_CAP_ESN = 1 << 4,
};
struct mlx5e_priv; struct mlx5e_priv;
struct mlx5e_ipsec_sw_stats { struct mlx5e_ipsec_sw_stats {
...@@ -108,6 +178,29 @@ void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv); ...@@ -108,6 +178,29 @@ void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv);
struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *dev, struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *dev,
unsigned int handle); unsigned int handle);
void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec);
int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_priv *priv,
struct mlx5_accel_esp_xfrm_attrs *attrs,
u32 ipsec_obj_id,
struct mlx5e_ipsec_rule *ipsec_rule);
void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_priv *priv,
struct mlx5_accel_esp_xfrm_attrs *attrs,
struct mlx5e_ipsec_rule *ipsec_rule);
void *mlx5_accel_esp_create_hw_context(struct mlx5_core_dev *mdev,
struct mlx5_accel_esp_xfrm *xfrm,
u32 *sa_handle);
void mlx5_accel_esp_free_hw_context(struct mlx5_core_dev *mdev, void *context);
u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev);
struct mlx5_accel_esp_xfrm *
mlx5_accel_esp_create_xfrm(struct mlx5_core_dev *mdev,
const struct mlx5_accel_esp_xfrm_attrs *attrs);
void mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm);
void mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
const struct mlx5_accel_esp_xfrm_attrs *attrs);
#else #else
static inline int mlx5e_ipsec_init(struct mlx5e_priv *priv) static inline int mlx5e_ipsec_init(struct mlx5e_priv *priv)
{ {
...@@ -122,6 +215,10 @@ static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv) ...@@ -122,6 +215,10 @@ static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv)
{ {
} }
static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
return 0;
}
#endif #endif
#endif /* __MLX5E_IPSEC_H__ */ #endif /* __MLX5E_IPSEC_H__ */
...@@ -2,8 +2,9 @@ ...@@ -2,8 +2,9 @@
/* Copyright (c) 2020, Mellanox Technologies inc. All rights reserved. */ /* Copyright (c) 2020, Mellanox Technologies inc. All rights reserved. */
#include <linux/netdevice.h> #include <linux/netdevice.h>
#include "ipsec_offload.h" #include "en.h"
#include "ipsec_fs.h" #include "en/fs.h"
#include "ipsec.h"
#include "fs_core.h" #include "fs_core.h"
#define NUM_IPSEC_FTE BIT(15) #define NUM_IPSEC_FTE BIT(15)
...@@ -565,7 +566,7 @@ static int tx_add_rule(struct mlx5e_priv *priv, ...@@ -565,7 +566,7 @@ static int tx_add_rule(struct mlx5e_priv *priv,
if (IS_ERR(rule)) { if (IS_ERR(rule)) {
err = PTR_ERR(rule); err = PTR_ERR(rule);
netdev_err(priv->netdev, "fail to add ipsec rule attrs->action=0x%x, err=%d\n", netdev_err(priv->netdev, "fail to add ipsec rule attrs->action=0x%x, err=%d\n",
attrs->action, err); attrs->action, err);
goto out; goto out;
} }
...@@ -579,8 +580,8 @@ static int tx_add_rule(struct mlx5e_priv *priv, ...@@ -579,8 +580,8 @@ static int tx_add_rule(struct mlx5e_priv *priv,
} }
static void rx_del_rule(struct mlx5e_priv *priv, static void rx_del_rule(struct mlx5e_priv *priv,
struct mlx5_accel_esp_xfrm_attrs *attrs, struct mlx5_accel_esp_xfrm_attrs *attrs,
struct mlx5e_ipsec_rule *ipsec_rule) struct mlx5e_ipsec_rule *ipsec_rule)
{ {
mlx5_del_flow_rules(ipsec_rule->rule); mlx5_del_flow_rules(ipsec_rule->rule);
ipsec_rule->rule = NULL; ipsec_rule->rule = NULL;
...@@ -592,7 +593,7 @@ static void rx_del_rule(struct mlx5e_priv *priv, ...@@ -592,7 +593,7 @@ static void rx_del_rule(struct mlx5e_priv *priv,
} }
static void tx_del_rule(struct mlx5e_priv *priv, static void tx_del_rule(struct mlx5e_priv *priv,
struct mlx5e_ipsec_rule *ipsec_rule) struct mlx5e_ipsec_rule *ipsec_rule)
{ {
mlx5_del_flow_rules(ipsec_rule->rule); mlx5_del_flow_rules(ipsec_rule->rule);
ipsec_rule->rule = NULL; ipsec_rule->rule = NULL;
...@@ -612,8 +613,8 @@ int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_priv *priv, ...@@ -612,8 +613,8 @@ int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_priv *priv,
} }
void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_priv *priv, void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_priv *priv,
struct mlx5_accel_esp_xfrm_attrs *attrs, struct mlx5_accel_esp_xfrm_attrs *attrs,
struct mlx5e_ipsec_rule *ipsec_rule) struct mlx5e_ipsec_rule *ipsec_rule)
{ {
if (attrs->action == MLX5_ACCEL_ESP_ACTION_DECRYPT) if (attrs->action == MLX5_ACCEL_ESP_ACTION_DECRYPT)
rx_del_rule(priv, attrs, ipsec_rule); rx_del_rule(priv, attrs, ipsec_rule);
......
...@@ -2,9 +2,8 @@ ...@@ -2,9 +2,8 @@
/* Copyright (c) 2017, Mellanox Technologies inc. All rights reserved. */ /* Copyright (c) 2017, Mellanox Technologies inc. All rights reserved. */
#include "mlx5_core.h" #include "mlx5_core.h"
#include "ipsec_offload.h" #include "ipsec.h"
#include "lib/mlx5.h" #include "lib/mlx5.h"
#include "en_accel/ipsec_fs.h"
struct mlx5_ipsec_sa_ctx { struct mlx5_ipsec_sa_ctx {
struct rhash_head hash; struct rhash_head hash;
......
/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
/* Copyright (c) 2020, Mellanox Technologies inc. All rights reserved. */
#ifndef __MLX5_IPSEC_OFFLOAD_H__
#define __MLX5_IPSEC_OFFLOAD_H__
#include <linux/mlx5/driver.h>
#include <linux/mlx5/accel.h>
void *mlx5_accel_esp_create_hw_context(struct mlx5_core_dev *mdev,
struct mlx5_accel_esp_xfrm *xfrm,
u32 *sa_handle);
void mlx5_accel_esp_free_hw_context(struct mlx5_core_dev *mdev, void *context);
#endif /* __MLX5_IPSEC_OFFLOAD_H__ */
...@@ -34,9 +34,8 @@ ...@@ -34,9 +34,8 @@
#include <crypto/aead.h> #include <crypto/aead.h>
#include <net/xfrm.h> #include <net/xfrm.h>
#include <net/esp.h> #include <net/esp.h>
#include "ipsec_offload.h" #include "ipsec.h"
#include "en_accel/ipsec_rxtx.h" #include "ipsec_rxtx.h"
#include "en_accel/ipsec.h"
#include "en.h" #include "en.h"
enum { enum {
......
...@@ -35,9 +35,7 @@ ...@@ -35,9 +35,7 @@
#include <net/sock.h> #include <net/sock.h>
#include "en.h" #include "en.h"
#include "ipsec_offload.h" #include "ipsec.h"
#include "fpga/sdk.h"
#include "en_accel/ipsec.h"
static const struct counter_desc mlx5e_ipsec_sw_stats_desc[] = { static const struct counter_desc mlx5e_ipsec_sw_stats_desc[] = {
{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_sw_stats, ipsec_rx_drop_sp_alloc) }, { MLX5E_DECLARE_STAT(struct mlx5e_ipsec_sw_stats, ipsec_rx_drop_sp_alloc) },
......
...@@ -48,7 +48,6 @@ ...@@ -48,7 +48,6 @@
#include "en_accel/ipsec.h" #include "en_accel/ipsec.h"
#include "en_accel/en_accel.h" #include "en_accel/en_accel.h"
#include "en_accel/ktls.h" #include "en_accel/ktls.h"
#include "en_accel/ipsec_offload.h"
#include "lib/vxlan.h" #include "lib/vxlan.h"
#include "lib/clock.h" #include "lib/clock.h"
#include "en/port.h" #include "en/port.h"
......
...@@ -48,7 +48,7 @@ ...@@ -48,7 +48,7 @@
#include "en_rep.h" #include "en_rep.h"
#include "en/rep/tc.h" #include "en/rep/tc.h"
#include "ipoib/ipoib.h" #include "ipoib/ipoib.h"
#include "en_accel/ipsec_offload.h" #include "en_accel/ipsec.h"
#include "en_accel/ipsec_rxtx.h" #include "en_accel/ipsec_rxtx.h"
#include "en_accel/ktls_txrx.h" #include "en_accel/ktls_txrx.h"
#include "en/xdp.h" #include "en/xdp.h"
......
...@@ -62,7 +62,7 @@ ...@@ -62,7 +62,7 @@
#include "lib/mlx5.h" #include "lib/mlx5.h"
#include "lib/tout.h" #include "lib/tout.h"
#include "fpga/core.h" #include "fpga/core.h"
#include "en_accel/ipsec_offload.h" #include "en_accel/ipsec.h"
#include "lib/clock.h" #include "lib/clock.h"
#include "lib/vxlan.h" #include "lib/vxlan.h"
#include "lib/geneve.h" #include "lib/geneve.h"
......
/*
* Copyright (c) 2018 Mellanox Technologies. All rights reserved.
*
* This software is available to you under a choice of one of two
* licenses. You may choose to be licensed under the terms of the GNU
* General Public License (GPL) Version 2, available from the file
* COPYING in the main directory of this source tree, or the
* OpenIB.org BSD license below:
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
*/
#ifndef __MLX5_ACCEL_H__
#define __MLX5_ACCEL_H__
#include <linux/mlx5/driver.h>
enum mlx5_accel_esp_flags {
MLX5_ACCEL_ESP_FLAGS_TUNNEL = 0, /* Default */
MLX5_ACCEL_ESP_FLAGS_TRANSPORT = 1UL << 0,
MLX5_ACCEL_ESP_FLAGS_ESN_TRIGGERED = 1UL << 1,
MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP = 1UL << 2,
};
enum mlx5_accel_esp_action {
MLX5_ACCEL_ESP_ACTION_DECRYPT,
MLX5_ACCEL_ESP_ACTION_ENCRYPT,
};
enum mlx5_accel_esp_keymats {
MLX5_ACCEL_ESP_KEYMAT_AES_NONE,
MLX5_ACCEL_ESP_KEYMAT_AES_GCM,
};
struct aes_gcm_keymat {
u64 seq_iv;
u32 salt;
u32 icv_len;
u32 key_len;
u32 aes_key[256 / 32];
};
struct mlx5_accel_esp_xfrm_attrs {
enum mlx5_accel_esp_action action;
u32 esn;
__be32 spi;
u32 seq;
u32 tfc_pad;
u32 flags;
u32 sa_handle;
union {
struct {
u32 size;
} bmp;
} replay;
enum mlx5_accel_esp_keymats keymat_type;
union {
struct aes_gcm_keymat aes_gcm;
} keymat;
union {
__be32 a4;
__be32 a6[4];
} saddr;
union {
__be32 a4;
__be32 a6[4];
} daddr;
u8 is_ipv6;
};
struct mlx5_accel_esp_xfrm {
struct mlx5_core_dev *mdev;
struct mlx5_accel_esp_xfrm_attrs attrs;
};
enum mlx5_accel_ipsec_cap {
MLX5_ACCEL_IPSEC_CAP_DEVICE = 1 << 0,
MLX5_ACCEL_IPSEC_CAP_ESP = 1 << 1,
MLX5_ACCEL_IPSEC_CAP_IPV6 = 1 << 2,
MLX5_ACCEL_IPSEC_CAP_LSO = 1 << 3,
MLX5_ACCEL_IPSEC_CAP_ESN = 1 << 4,
};
#ifdef CONFIG_MLX5_EN_IPSEC
u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev);
struct mlx5_accel_esp_xfrm *
mlx5_accel_esp_create_xfrm(struct mlx5_core_dev *mdev,
const struct mlx5_accel_esp_xfrm_attrs *attrs);
void mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm);
void mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
const struct mlx5_accel_esp_xfrm_attrs *attrs);
#else
static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
return 0;
}
static inline struct mlx5_accel_esp_xfrm *
mlx5_accel_esp_create_xfrm(struct mlx5_core_dev *mdev,
const struct mlx5_accel_esp_xfrm_attrs *attrs)
{
return ERR_PTR(-EOPNOTSUPP);
}
static inline void
mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) {}
static inline void
mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
const struct mlx5_accel_esp_xfrm_attrs *attrs)
{
}
#endif /* CONFIG_MLX5_EN_IPSEC */
#endif /* __MLX5_ACCEL_H__ */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment